Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Microservices with Netflix OSS & Hypermedia API...

Microservices with Netflix OSS & Hypermedia APIs - GeeCon

At a major telco company in Belgium we have designed and implemented a cutting-edge architecture using microservices and hypermedia (REST level 3 / hateoas) for the entire customer- and business-facing web portfolio. Throughout this session you will learn what the microservices hype is all about, including its benefits and pitfalls based on our experiences of running microservices (including the Netflix OSS) in production at a major company in Belgium. To manage hundreds of microservices you need to apply certain patterns such as circuit breakers, gateways, service registries and so on. You will learn how these patterns work, how they are applied through the Netflix stack and how easy it is to use them in your architecture through code examples and demos. The contracts between these microservices should be well defined and loosely coupled. Using hypermedia as the engine of application state (hateoas), we can benefit from independent evolution and decoupled implementation. How we can implement these using Spring Hateoas, correctly document using Spring Restdocs, integrate with the HAL browser and version using JsonViews will become clear in the second part of this session.

Andreas Evers

October 23, 2015
Tweet

More Decks by Andreas Evers

Other Decks in Technology

Transcript

  1. @andreasevers WHOAMI •  Work for Ordina Belgium •  Open source

    enthusiast •  Spring contributor •  Speaker •  Technical lead & coding architect @ Proximus •  Marathon runner
  2. @andreasevers Benefits •  Small, easy to understand code base • 

    Easy to scale •  Easy to throw away •  Easy to deploy •  Ability to use a different technology stack •  Smaller teams •  System resilience
  3. @andreasevers Pitfalls “If you can't build a monolith, what makes

    you think microservices are the answer?” Simon Brown
  4. @andreasevers Pitfalls •  Failing to adopt a contract-first approach • 

    Assuming the wrong communication protocol •  Introducing a shared domain model •  Defining inappropriate service boundaries •  Neglecting DevOps and testing concerns •  Disregarding the human factor •  Operational complexity not under control •  Failing to embrace eventual consistency
  5. @andreasevers •  Surgical Routing •  Stress Testing •  Canary Testing

    •  Request authentication & authorization •  Choosing origin servers Gateway – What’s the use?
  6. @andreasevers •  Surgical Routing •  Stress Testing •  Canary Testing

    •  Request authentication & authorization •  Choosing origin servers •  Routing the request to an origin •  Logging debug info •  Adding headers to the request and response •  Gathering statistics and metrics •  Filter error handling •  Generate static responses Gateway – What’s the use?
  7. @andreasevers •  Surgical Routing •  Stress Testing •  Canary Testing

    •  Request authentication & authorization •  Choosing origin servers •  Routing the request to an origin •  Logging debug info •  Adding headers to the request and response •  Gathering statistics and metrics •  Filter error handling •  Generate static responses •  Load Shedding Gateway – What’s the use?
  8. @andreasevers •  Surgical Routing •  Stress Testing •  Canary Testing

    •  Request authentication & authorization •  Choosing origin servers •  Routing the request to an origin •  Logging debug info •  Adding headers to the request and response •  Gathering statistics and metrics •  Filter error handling •  Generate static responses •  Load Shedding •  Dynamic behavior change Gateway – What’s the use?
  9. @andreasevers Service Registry Service Registry loyalty user billing billing’ loyalty

    user user origin Origin 1 Origin 2 billing loyalty origin
  10. @andreasevers Service Registry Service Registry loyalty user billing billing’ loyalty

    user billing user origin Origin 1 Origin 2 loyalty origin
  11. @andreasevers billing Service Registry Service Registry loyalty billing billing’ loyalty

    user user origin loyalty origin Origin 1 user billing’ billing Origin 2
  12. @andreasevers Service Registry Service Registry loyalty user user origin loyalty

    origin Origin 1 billing Origin 2 Service Registry loyalty user user origin loyalty origin Origin 1 billing Origin 2 loyalty Cached Registry
  13. @andreasevers Hypermedia h8ps://vimeo.com/20781278 Sub-constraints: •  IdenDficaDon of resources (URIs) • 

    ManipulaDon via representaDons (request & response bodies) •  Self-descripDve messages (headers) •  Hypermedia as the engine of applicaDon state HTTP as applica+on protocol
  14. @andreasevers Hypermedia h8ps://vimeo.com/20781278 Sub-constraints: •  IdenDficaDon of resources (URIs) • 

    ManipulaDon via representaDons (request & response bodies) •  Self-descripDve messages (headers) •  Hypermedia as the engine of applicaDon state If you don’t do this Then you don’t adhere to this And you are missing out on these
  15. @andreasevers Why Hateoas? •  Updating server-side web APIs only to

    learn that client applications no longer work as expected without undergoing code updates •  Moving long-lived server applications to a new DNS name (e.g. from www.belgacom.be to www.proximus.be) and having to completely rewrite all of the API documentation as well as update all existing client code with all its links to the server’s APIs •  Implementing new or modified process flow within the server-side application and discovering that existing clients break when encountering the new rules, ignore the rules, or, worse, continue to execute their own code in a way that creates invalid results on the server
  16. @andreasevers Hateoas in action How would you explain to a

    client to get to the Nerd in the Basement painting? A.  Go to Amazon.com, in the categories go to fine arts, follow paintings, more specifically oil paintings, and click on the one with the title Nerd in the Basement B.  Type http://www.amazon.com/Nerd-in-the-Basement/dp/ B00L849CSS/ref=lp_6685279011_1_2? s=art&ie=UTF8&qid=1431864368&sr=1-2 in your browser
  17. @andreasevers Hateoas in action HTML is a hypermedia format <a>

    is a link with method GET <form> is a link with method POST (or other if specified) The browser understands this syntax and shows a link or a form if the server response contains these tags
  18. @andreasevers Hateoas Requirements Communication between Client and Server depends on:

    •  Where does the client have to start? •  Root API •  In regular websites: the homepage •  Where am I? •  How do I interpret the current API response? •  In regular websites: the syntax of HTML is interpreted by the browser •  Where can I go? •  What does a link or form with a certain relation or class mean? •  In regular websites: link with relation “stylesheet”, form with action “login”
  19. @andreasevers Hateoas in action Amazon.com (and any other website in

    the whole world wide web) applies Hateoas. Why wouldn’t your API do the same?
  20. @andreasevers Hateoas Benefit: Runtime action discovery GET /account/12345 HTTP/1.1 HTTP/1.1

    200 OK <?xml version="1.0"?> <account> <account_number>12345</account_number> <balance currency="usd">100.00</balance> <link rel="deposit" href="/account/12345/deposit" /> <link rel="withdraw" href="/account/12345/withdraw" /> <link rel="transfer" href="/account/12345/transfer" /> <link rel="close" href="/account/12345/close" /> </account>
  21. @andreasevers Hateoas Benefit: Runtime operation discovery GET /account/12345 HTTP/1.1 HTTP/1.1

    200 OK <?xml version="1.0"?> <account> <account_number>12345</account_number> <balance currency="usd">-25.00</balance> <link rel="deposit" href="/account/12345/deposit" /> </account>
  22. @andreasevers Hateoas Concern: Scope In case of one or two

    clients built in the same team, it is arguable whether auto-discoverability is really a necessity
  23. @andreasevers Hateoas Concern: Structural Changes “customers/1/accounts/1/products/1234” auto-discoverable through HATEOAS as

    “customers[1].accounts[1].products[1234]” could break when accounts are bypassed
  24. @andreasevers Hateoas Benefit: Non-structural Changes “customers/1/accounts/1/products/1234” auto-discoverable through HATEOAS as

    “customers[1].accounts[1].products[1234]” will not break when 1234 as id is changed to “basementNerd”
  25. @andreasevers Hateoas Benefit: URI of Model Changes “customers/1/accounts/1/products/1234” being returned

    as part as the response body of “customers/1/accounts/1” will not break the client
  26. @andreasevers Content Types "text/html" •  Browsers know how to parse

    it •  Browsers understand keywords inside it •  E.g: a + href , form + action + method , ... "application/json" or "application/xml“ •  Clients know how to parse it •  Clients don’t understand keywords inside it •  Needs a uniform format as communication between client & server •  Needs a reference for out-of-bound (api-specific) keywords
  27. @andreasevers Content Types •  JSON •  NOT hypermedia-aware by default

    •  Needs a fixed format to support links and forms •  Many formats available •  XHTML •  IS hypermedia-aware by default •  Harder to process XHTML responses using javascript (xpath is required) •  The API responses can also be read by a human as regular HTML pages •  SVG, Atom, HTML •  Similar as XHTML but not preferred
  28. @andreasevers JSON Formats •  JSON-LD •  Augmenting existing APIs without

    introducing breaking changes •  Needs HYDRA as a vocabulary for communicating operations •  Decoupling of API serialization format & communication format •  HAL •  Minimal, light weight syntax and semantics •  Offers most of the benefits of using a hypermedia type •  Easy to convert existing API to HATEOAS •  Chosen and supported by Spring •  No support for specifying operations •  Collection+JSON •  Can list queries that your collection supports and templates that clients can use to alter your collection •  Great for publishing user editable data •  SIREN •  Represents generic classes of items •  Supports operations •  Concept of classes, bringing a sense of type information to your API responses.
  29. @andreasevers What should you document •  Resources •  What do

    they represent? •  What input do they accept? •  What output do they produce? •  Links •  Where can you go? •  What will you find when you get there? •  Cross-cutting concerns •  HTTP status codes & verbs •  Authentication, rate limiting, …
  30. @andreasevers Best practices for documentation •  Write as much as

    possible in a format that’s designed for writing •  Don’t use the implementation to provide the documentation •  Provide some guarantees that the documentation is accurate h8ps://github.com/spring-projects/spring-restdocs
  31. @andreasevers Thank you for your attention •  Twitter: @andreasevers • 

    https://github.com/oraj-360 •  http://registry.oraj360.cfapps.io/ •  https://netflix.github.io/ •  http://projects.spring.io/spring-cloud/ •  http://projects.spring.io/spring-hateoas/ •  https://github.com/spring-projects/spring-restdocs